Founded in 2006, GreenSky, Inc. is a leading financial technology company “Powering Commerce at the Point-of-Sale” for a growing ecosystem of merchants, consumers and banks. Their highly scalable, proprietary technology platform enables nearly 16,000 merchants to offer frictionless promotional payment options to consumers, driving increased sales volume and accelerated cash flow.Banks leverage GreenSky’s technology to provide loans to super-prime and prime credit consumers nationwide. Since their inception, over 2.4 million consumers have financed over $17 billion of commerce usingGreenSky’s paperless, real-time “apply and buy” technology.
As an innovative Fintech company, GreenSky has been disrupting the lending business with on-the-spot financing via their network of contractors and bank partners. As a mobile-first financial services company, GreenSky is not itself a traditional lender or bank, yet rather a technology platform facilitating promotional financing at the point of commerce.
“Applications that are built and deployed in a rapid cadence within the AWS cloud offer us greater scalability, agility and resilience. With Contrast, automating application security into DevOps processes helped GreenSky keep up with the demand to keep delivering business value with increasing speed.”
Sr. DevSecOps Engineer
Inherent during the growth of any software company is the necessity to streamline and secure the SDLC so that all key stakeholders are seamlessly aligned throughout the entire DevOps process—from initial code builds to post-production.
GreenSky is no exception to this process, finding itself in need of inter-department collaboration as they started migrating critical capabilities like application security to the cloud. Continual, manual processes and complex workflows quickly gave rise to a transition to a DevOps mindset and technology processes that are reliable and repeatable — these are the hallmarks of security automation.
Previously, the use of manual static (SAST) and dynamic (DAST) testing tools, and the need for security reviews would delay agile sprints in development, frustrating stakeholders like project owners. Additionally, the cultural differences and priorities between development teams (who value product features and hi-velocity releases), and security operations teams (who value code stability and security) often find each other at odds over these priorities — causing friction between these groups.
Contrast Assess has democratized this continuous review process, allowing teams to integrate security into their existing tools in order to make more informed decisions resulting in secure code releases. It also addresses the numerous industry audits, compliance, and regulations that need to be observed.
“In order to release code more rapidly, we are seeing more aspects of the software development lifecycle being forced to shift-left. Due to the rapid pace of the speed in which software is updated and delivered, automated application security via Contrast enables us to deliver on this.”
Sr. Director of IT Security
Before GreenSky shifted their software development to a hosted cloud environment, they were using VMware on premises. Realizing this approach wouldn’t be sustainable for the long-term, they then migrated their stack directly into Amazon’s EC2 platform with nominal changes to the existing architecture.
Shortly after, they started optimizing their application structure from a monolithic style to a more lightweight microservices approach deployed across various smaller EC2 containers, using fewer resources than previous virtual machines.
GreenSky’s transformation strategy migrated legacy services into Docker (managed with Chef), and then placed everything in ECS/Fargate, the compute engine for deploying and managing containers for ECS. Developers were able to get Contrast to integrate into the Docker images and environmental variables were handled via the Jenkins pipeline. This allowed for a seamless migration to ECS/Fargate. The process can now migrate to a serverless framework by harnessing the benefits of AWS Lambda - provisioning resources while working in concert with Contrast to implement the capabilities of Contrast Assess.
Prior to deploying Contrast Assess, a security risk assessment had to be performed on every component at every stage of the SDLC (Dev, QA, UAT, Production) siphoning valuable time and resources. Now that development teams are running code with Contrast Security, developers can weave in security with Contrast as they write code.Saving time: Freeing up around 10 hours a week for 2-3 people to focus on other security related work. Gaining visibility sooner: Vulnerabilities are found much earlier, eliminating unforeseen and last-minute roadblocks for quicker deployment.
As an innovative Fintech company, GreenSky can now accelerate its time-to-market with secure applications that were paramount to highlighting business value, operational efficiencies, flexibility and overall success. Migrating to the cloud via Amazon Web Services (AWS) and augmenting application security with Contrast helped GreenSky achieve these major strategic initiatives. By implementing Contrast Assess as part of their secure DevOps program, GreenSky established a shared responsibility model that helps galvanize and integrate security into existing workflows. As a result, this allowed GreenSky to bring their digital financial ecosystem model to the market faster and securely to meet their customer demands.